Bug 483928 - Selinux denies access to host.deny for prelude-manager
Selinux denies access to host.deny for prelude-manager
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
10
All Linux
low Severity low
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-04 05:18 EST by Dirk Götz
Modified: 2009-02-09 09:23 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-02-09 09:23:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dirk Götz 2009-02-04 05:18:48 EST
Description of problem:
SELinux denies (read) access to /etc/host.deny (etc_runtime_t) for prelude-manager (prelude_t), so prelude-manager thinks "TLS handshake failed" and tells you have to register the sensor.

Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-40.fc10.noarch
selinux-policy-targeted-3.5.13-40.fc10.noarch
prelude-manager-0.9.14.2-1.fc10.x86_64

How reproducible:
Installed components on updated F10 virtual machine following this tutorial http://people.redhat.com/sgrubb/audit/prelude.txt to evaluate prelude. You will see the denial after step 7, when you try to start the first registered sensor.

AVC:
node=localhost.localdomain type=AVC msg=audit(1233565243.279:38): avc:  denied  { read } for  pid=4658 comm="prelude-manager" name="hosts.deny" dev=dm-0 ino=112924 scontext=unconfined_u:system_r:prelude_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file

Resulting /var/log/messages-entries:
Feb  2 10:00:42 prelude audispd: af_unix plugin initialized
Feb  2 10:00:42 prelude audispd: audispd initialized with q_depth=512 and 2 active plugins
Feb  2 10:00:43 prelude auditd[5569]: Init complete, auditd 1.7.11 listening for events (startup state enable)
Feb  2 10:00:43 prelude prelude-manager: warning: cannot open /etc/hosts.deny: Permission denied
Feb  2 10:00:43 prelude prelude-manager: WARNING: [127.0.0.1:37572]: tcp wrapper refused connection.
Feb  2 10:00:43 prelude audisp-prelude: Unable to start prelude client: TLS handshake failed: A TLS packet with unexpected length was received..#012#012In order to register this sensor, please run:#012prelude-admin register auditd "idmef:w" 127.0.0.1 --uid 0 --gid 0#012#012Profile 'auditd' does not exist. In order to create it, please run:#012prelude-admin register "auditd" "idmef:w" <manager address> --uid 0 --gid 0
Feb  2 10:00:43 prelude audisp-prelude: audisp-prelude is exiting due to init_prelude failure
Feb  2 10:01:01 prelude audispd: plugin /sbin/audisp-prelude terminated unexpectedly
Feb  2 10:01:01 prelude prelude-manager: warning: cannot open /etc/hosts.deny: Permission denied
Feb  2 10:01:01 prelude prelude-manager: WARNING: [127.0.0.1:37573]: tcp wrapper refused connection.
Feb  2 10:01:01 prelude audisp-prelude: Unable to start prelude client: TLS handshake failed: A TLS packet with unexpected length was received..#012#012In order to register this sensor, please run:#012prelude-admin register auditd "idmef:w" 127.0.0.1 --uid 0 --gid 0#012#012Profile 'auditd' does not exist. In order to create it, please run:#012prelude-admin register "auditd" "idmef:w" <manager address> --uid 0 --gid 0
Feb  2 10:01:01 prelude audisp-prelude: audisp-prelude is exiting due to init_prelude failure
Comment 1 Miroslav Grepl 2009-02-04 08:20:09 EST
Dirk,

you can allow this for now.

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Comment 2 Miroslav Grepl 2009-02-05 07:46:14 EST
Fixed in selinux-policy-3.5.13-44.fc10

Note You need to log in before you can comment on or make changes to this bug.